integration tests

mapbox · Jul 25, 2016 · ecc8d32 · ecc8d32
1 parent b8404e2
commit ecc8d32
Show file tree

Hide file tree

Showing 5 changed files with 164 additions and 16 deletions.
diff --git a/cloudformation/ecs-conex-ci.template.json b/cloudformation/ecs-conex-ci.template.json
@@ -0,0 +1,69 @@
+{
+    "AWSTemplateFormatVersion": "2010-09-09",
+    "Description": "test user for ecs-conex",
+    "Resources": {
+        "User": {
+            "Type": "AWS::IAM::User",
+            "Properties": {
+                "Policies": [
+                    {
+                        "PolicyName": "validate-templates",
+                        "PolicyDocument": {
+                            "Statement": [
+                                {
+                                    "Action": [
+                                        "ecr:*"
+                                    ],
+                                    "Effect": "Allow",
+                                    "Resource": {
+                                        "Fn::Join": [
+                                            "",
+                                            [
+                                                "arn:aws:ecr:*:",
+                                                {
+                                                    "Ref": "AWS::AccountId"
+                                                },
+                                                ":repository/ecs-conex-test"
+                                            ]
+                                        ]
+                                    }
+                                },
+                                {
+                                    "Action": [
+                                        "ecr:GetAuthorizationToken",
+                                        "ecr:CreateRepository"
+                                    ],
+                                    "Effect": "Allow",
+                                    "Resource": "*"
+                                }
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        "AccessKey": {
+            "Type": "AWS::IAM::AccessKey",
+            "Properties": {
+                "UserName": {
+                    "Ref": "User"
+                }
+            }
+        }
+    },
+    "Outputs": {
+        "AccessKeyId": {
+            "Value": {
+                "Ref": "AccessKey"
+            }
+        },
+        "SecretAccessKey": {
+            "Value": {
+                "Fn::GetAtt": [
+                    "AccessKey",
+                    "SecretAccessKey"
+                ]
+            }
+        }
+    }
+}
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
   "description": "ECS Container Express",
   "main": "ecs-conex.sh",
   "scripts": {
-    "test": "test/utils.test.sh"
+    "test": "test/test.sh"
   },
   "repository": {
     "type": "git",

diff --git a/test/lib/utils.sh b/test/lib/utils.sh
@@ -15,9 +15,9 @@ function tag_test() {
 
 function assert () {
   testId=$((testId+1))
-  evaluation=$1
-  result=$2
-  expected=$3
+  evaluation=${1:-}
+  result=${2:-}
+  expected=${3:-}
   message=${4:-""}
 
   # equal
@@ -35,7 +35,7 @@ function assert () {
 
   # not equal
   if [ "${evaluation}" == "notEqual" ]; then
-    if [ !${message} ]; then
+    if [ ! ${message} ]; then
       message="should not equal"
     fi
 
@@ -48,7 +48,7 @@ function assert () {
 
   # contains
   if [ "${evaluation}" == "contains" ]; then
-    if [ !${message} ]; then
+    if [ ! ${message} ]; then
       message="should contain"
     fi
 
@@ -61,7 +61,7 @@ function assert () {
 
   # does not contain
   if [ "${evaluation}" == "doesNotContain" ]; then
-    if [ !${message} ]; then
+    if [ ! ${message} ]; then
       message="should not contain"
     fi
 
@@ -71,6 +71,15 @@ function assert () {
       passed "${message}"
     fi
   fi
+
+  # success
+  if [ "${evaluation}" == "success" ]; then
+    if $result; then
+      passed "${expected}"
+    else
+      failed "${expected}" "exit 0" "exit $?"
+    fi
+  fi
 }
 
 function passed() {

diff --git a/test/utils.test.sh → test/test.sh b/test/utils.test.sh → test/test.sh
@@ -9,6 +9,16 @@ PASSED=0
 # initialize test id counter
 testId=0
 
+# stash real credentials
+stashedAccessKey=${AWS_ACCESS_KEY_ID:-}
+stashedSecretKey=${AWS_SECRET_ACCESS_KEY:-}
+stashedToken=${AWS_SESSION_TOKEN:-}
+stashedGithub=${GithubAccessToken:-}
+export AWS_ACCESS_KEY_ID=
+export AWS_SECRET_ACCESS_KEY=
+export AWS_SESSION_TOKEN=
+export GithubAccessToken=
+
 # before_image() test
 tag_test "before_image()"
 export AccountId=1
@@ -361,6 +371,60 @@ if [ -d ${tmpdir} ]; then
 fi
 assert "equal" "${FAILURE}" "" "should not have any failures"
 
+tag_test "build image"
+assert success "$(which docker) build -t ecs-conex ./ --no-cache" "built image"
+
+# restore stashed AWS vars for integration test
+export AWS_ACCESS_KEY_ID=${stashedAccessKey}
+export AWS_SECRET_ACCESS_KEY=${stashedSecretKey}
+export AWS_SESSION_TOKEN=${stashedToken}
+export GithubAccessToken=${stashedGithub}
+
+tag_test "build a repo's image"
+
+# clone ecs-conex-test
+local_repo=$(mktemp -d /tmp/ecs-conex-test-XXXXXX)
+git=$(which git)
+$git clone https://${GithubAccessToken}@github.com/mapbox/ecs-conex-test ${local_repo} > /dev/null 2>&1
+cwd=$(pwd) && cd ${local_repo}
+
+# push an empty commit to a random branch
+branch=$(node -e "console.log(require('crypto').randomBytes(8).toString('hex'))")
+$git checkout -b ${branch} > /dev/null 2>&1
+before=$($git rev-parse head)
+$git commit -m "integration test" --allow-empty > /dev/null 2>&1
+after=$($git rev-parse head)
+$git push --set-upstream origin ${branch} > /dev/null 2>&1
+
+# Ask ecs-conex to build the commit that was made
+cd ${cwd}
+assert success \
+  "$(dirname $0)/manual.ecs-conex.sh mapbox ecs-conex-test 234858372212 ${after} ${before}" \
+  "ran ecs-conex"
+
+# Check that images landed in all THREE regions
+awscli=$(which aws)
+list=$(${awscli} ecr list-images \
+  --region us-east-1 \
+  --repository-name ecs-conex-test \
+  --query "imageIds[?imageTag == '${after}'].imageTag" \
+  --output text)
+assert equal "${list}" "${after}" "wrote image to us-east-1"
+
+list=$(${awscli} ecr list-images \
+  --region us-west-2 \
+  --repository-name ecs-conex-test \
+  --query "imageIds[?imageTag == '${after}'].imageTag" \
+  --output text)
+assert equal "${list}" "${after}" "wrote image to us-west-2"
+
+list=$(${awscli} ecr list-images \
+  --region eu-west-1 \
+  --repository-name ecs-conex-test \
+  --query "imageIds[?imageTag == '${after}'].imageTag" \
+  --output text)
+assert equal "${list}" "${after}" "wrote image to eu-west-1"
+
 # summary
 summarize
 

diff --git a/utils.sh b/utils.sh
@@ -73,25 +73,31 @@ function credentials() {
   filepath=${1}
   args=""
 
-  NPMAccessToken=$(printenv | grep NPMAccessToken | sed 's/.*=//')
-  if [[ -n $NPMAccessToken ]] && grep "ARG NPMAccessToken" ${filepath} > /dev/null 2>&1; then
+  if [[ -n ${NPMAccessToken:-} ]] && grep "ARG NPMAccessToken" ${filepath} > /dev/null 2>&1; then
     args+="--build-arg NPMAccessToken=${NPMAccessToken}"
   fi
 
   if [ ${MessageId} == "test" ]; then
     return
   fi
 
-  role=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/)
-  if [[ -z $role ]]; then
+  role=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/) || :
+  if [[ -z $role ]] && [[ -n ${AWS_ACCESS_KEY_ID} ]]; then
+    echo "env creds"
+    accessKeyId=${AWS_ACCESS_KEY_ID}
+    secretAccessKey=${AWS_SECRET_ACCESS_KEY}
+    sessionToken=${AWS_SESSION_TOKEN}
+  elif [[ -z $role ]]; then
+    echo "no creds"
     return
+  else
+    echo "ec2 creds"
+    creds=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${role})
+    accessKeyId=$(node -e "console.log(${creds}.AccessKeyId)")
+    secretAccessKey=$(node -e "console.log(${creds}.SecretAccessKey)")
+    sessionToken=$(node -e "console.log(${creds}.SessionToken)")
   fi
 
-  creds=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/${role})
-  accessKeyId=$(node -e "console.log(${creds}.AccessKeyId)")
-  secretAccessKey=$(node -e "console.log(${creds}.SecretAccessKey)")
-  sessionToken=$(node -e "console.log(${creds}.SessionToken)")
-
   if [[ -n $accessKeyId ]] && [[ $accessKeyId != "undefined" ]] && grep "ARG AWS_ACCESS_KEY_ID" ${filepath} > /dev/null 2>&1; then
     args+=" --build-arg AWS_ACCESS_KEY_ID=${accessKeyId}"
   fi